Category

Embedded browser initialization failed

Dan |
Last updated: May 28, 2019 03:58PM UTC

Hi
I am having an issue with the Response/Render feature of the embedded browser.
When I click on "Render" in the "Response" tab I receive the following message "Embedded browser initialization failed"
I also ran the Embedded browser health check and I get the following messages.
Checking Platform Support - Success
Checking Browser Binaries - Success
Creating embbeded browser documenation window - Error
Aborting checks due to errors.
java.io.EOFException
Burp Pro v2.0.22beta
Kali Linux with all updates as of 2019-05-28
I have also attempted to update the installation and this did not resolve the issue.
Any ideas?
Thanks
Dan

Liam, PortSwigger Agent |
Last updated: May 29, 2019 07:02AM UTC

Thanks for the info, Dan.
We're hoping to release a workaround for this issue in the next update of Burp 2.×.

Rose, PortSwigger Agent |
Last updated: May 31, 2019 10:07AM UTC

We expect this issue to have been fixed in the latest release: v2.0.24beta.
Let us know if you're still experiencing issues.

Shubham - sorry to hear you're still having difficulty. Can you please email support@portswigger.net with your Diagnostics and Embedded browser health check - which are both on the Help menu.

Burp User |
Last updated: Jul 01, 2019 01:42PM UTC

Hello,
I've just updated to v2.1 and I'm having the same error as above. Could you advise?
Thanks,

Rose, PortSwigger Agent |
Last updated: Jul 02, 2019 01:12PM UTC

Pepita– sorry to hear you're still having difficulty. Can you please email support@portswigger.net with your Diagnostics and Embedded browser health check – which are both on the Help menu.

Burp User |
Last updated: Jul 26, 2019 02:16PM UTC

I had the same problem (Debian Stretch all upadtes, Burp Pro 2.1.02), but I found a java debug log which said:
[0726/153651.016897:FATAL:setuid_sandbox_host.cc(157)] The SUID sandbox helper b
inary was found, but is not configured correctly. Rather than run without sandbo
xing I'm aborting now. You need to make sure that /home/.../.BurpSuite/burpbrowser/0.122/lib/chrome-sandbox is owned by root and has mode 4755.
I did the change and everything is working.
Regards

Rose, PortSwigger Agent |
Last updated: Jul 29, 2019 10:04AM UTC

Thanks, Louis. When running as root, the embedded browser sandbox is switched off. Another workaround for this is to Disable the embedded browser sandbox when running as a non-root user (User options > Display > HTML Rendering > Enable embedded browser sandbox).
Our development team are looking into a fix for this.

Hannah, PortSwigger Agent |
Last updated: Jul 29, 2019 10:11AM UTC

Naffchwan, what operating system are you using and what have you tried already?

Burp User |
Last updated: Sep 13, 2019 08:05PM UTC

Still seeing this in 2.1.03 on Debian Buster.
If I disable the browser sandbox (eek) the health check then fails at:
"Unable to created headless browser."
See same debug message as Louis above, although needing to grant root privilege in order to run a browser feels very wrong, now if you'd said send corrupt IP packets I'd have understood.
Changing the ownership and permissions to those in the debug log and enabling the sandbox works. All tests pass. I can read the Help pages again.

I have tried all suggestions above and none has suceeded.
Burp Version 2.1.04
Burp Browser Version 0.144

Burp User |
Last updated: Nov 20, 2019 04:15PM UTC

sudo sysctl -w kernel.unprivileged_userns_clone=1
Fixed it for me on a Debian machine. Thanks a million!

Burp User |
Last updated: Nov 23, 2019 02:03PM UTC

I would advise strongly against that kernel setting. Setting it is a global change that unnecessarily increases the attack surface of your system. Refer here:
https://lwn.net/Articles/673597/
https://security.stackexchange.com/questions/209529/what-does-enabling-kernel-unprivileged-userns-clone-do
The fix mentioned above the kernel setting about changing the perms on the 'chrome-sandbox' file worked for me. Commands ran:
sudo chown root:root ~/.BurpSuite/burpbrowser/0.144/lib/chrome-sandbox
sudo chmod 4755 ~/.BurpSuite/burpbrowser/0.144/lib/chrome-sandbox
Currently running:
Burp Community 2.1.04
Debian 4.9.189

Ben, PortSwigger Agent |
Last updated: Nov 26, 2019 01:03PM UTC

Hi Jimmy,
Thank you for the information.

Burp User |
Last updated: Nov 28, 2019 03:19PM UTC

@Jimmy, I don't think setting the SUID bit on a browser binary makes you more secure than disabling Debian specific kernel patch...

IAN |
Last updated: May 04, 2020 12:02AM UTC

Hi Guys,
Is there an official fix for this yet?
Errors I get are similar to the ones mentioned above.
"Unable to show help due to browser error. Use Embedded Browser Health Check for more details"
When trying to check for updates, this is the error I get: "Failed to open browser for URL: https://portswigger.net/burp/communitydownload"
Also, when trying to load a temp license key for the pro version, the instructions provided from PortSwigger direct me to go to Help, License, Update License Key - I don't have a License option in my Menu.
Im running BurpSuite Community Edition v2.1.07 on a Kali VM (version: Linux Rolling - Kernel: Linux 5.4.0-kali3-amd64)
Sincerely hoping someone can assist,
Ian.

IAN |
Last updated: May 04, 2020 12:02AM UTC

Hi Guys,
Is there an official fix for this yet?
Errors I get are similar to the ones mentioned above.
"Unable to show help due to browser error. Use Embedded Browser Health Check for more details"
When trying to check for updates, this is the error I get: "Failed to open browser for URL: https://portswigger.net/burp/communitydownload"
Also, when trying to load a temp license key for the pro version, the instructions provided from PortSwigger direct me to go to Help, License, Update License Key - I don't have a License option in my Menu.
Im running BurpSuite Community Edition v2.1.07 on a Kali VM (version: Linux Rolling - Kernel: Linux 5.4.0-kali3-amd64)
Sincerely hoping someone can assist,
Ian.

IAN |
Last updated: May 04, 2020 01:31AM UTC

Further to my comment above - more detail on my version of Kali =
Kali-Linux-2020.1-vmware-amd64\Kali-Linux-2020.1-vmware-amd64.vmdk
Hoping this helps...
Ian.

Ian, are you running as root?
Have you tried using the latest platform installer version of Burp?

ian |
Last updated: May 04, 2020 11:06PM UTC

Hi Liam,
Yip - running as root.
No - haven't tried the latest platform installer.
Pls provide me with a link to it - would be very appreciative.
Sincerely,
Ian.

ian |
Last updated: May 04, 2020 11:06PM UTC

Hi Liam,
Yip - running as root.
No - haven't tried the latest platform installer.
Pls provide me with a link to it - would be very appreciative.
Sincerely,
Ian.

ian |
Last updated: May 04, 2020 11:08PM UTC

Hey again Liam,
Just a quick one to add to my rely above - remember, Im running BurpSuite Community Edition v2.1.07 - isnt this the latest version?
Thanks again,
Ian.

Liam, PortSwigger Agent |
Last updated: May 05, 2020 07:32AM UTC

Ian, the latest version is 2020-4 - https://portswigger.net/burp/releases/professional-community-2020-4?requestededition=community.
A workaround for this is to disable the embedded browser sandbox when running as a non-root user (User options > Display > HTML Rendering > Enable embedded browser sandbox). Have you tried this?

ian |
Last updated: May 06, 2020 05:06AM UTC

Hi Liam,
AS mentioned, Im running Burp from my Kali set up (details you've seen above) - I run an update, and upgrade on a weekly basis.
Would this update/ upgrade perhaps not have already given me access to the latest version (2020-4)? - (Im just trying to avoid any more unnecessary messing around with this).
Is there perhaps a quick and easy way to tell what version Im running via the Burp-Console?
Yip - I've disabled the embedded browser sandbox - PLEASE NOTE: I've done this via the Burp portal (User options > Display > HTML Rendering > Enable embedded browser sandbox) - and not via the Kali command-line (i.e, you made a reference to a non-root user above).
Thanks Mate,

ian |
Last updated: May 06, 2020 05:12AM UTC

Hey again Liam - further to my note above,
I need to mention again that when I get to the start-up page of Burp "Welcome to Burp Suite Community Edition....", Im presented with a pop-up page notifying me that an update is available (2020.4). When I click on the "Update now" button, I get an error-----> "Failed to open web browser for URL://portswigger.net/burp/communitydownload

Liam, PortSwigger Agent |
Last updated: May 06, 2020 02:28PM UTC

Ian, can you try ticking this checkbox:
Audit configuration > JavaScript analysis > Allow running without browser sandbox.
If you have enabled the Embedded browser option via Crawl configuration > Misc, enable "Use embedded browser is sandbox even if sandbox cannot be started.
The alert - "Unable to create headless browser with sandbox" shouldn't affect performance.
Please let us know if this helps.
Are you able to open http://portswigger.net/burp/communitydownload in your browser?

ian |
Last updated: May 07, 2020 05:19AM UTC

Hey Liam...
Ok, apologies (sincerely Mate), but havent been able to find the "Audit config" nor the "Crawl Configuration" tabs - I've check under all the main tabs in Burp - pls provide me with exact path (do you perhaps need me to do this in my browser {and not in Burp})?
Yip - I am able to open http://portswigger.net/burp/communitydownload in my browser.
Thanks again for all your assistance to this point mate,
Ian.

Thanks for the diagnostics Ian. Could you try updating the latest platform installer version of Burp Suite? This comes bundled with its own Java version.
Once you've done that, if you go to Dashboard > New Scan > Scan configuration > New ... You'll see the Crawling and Auditing configuration settings.

ian |
Last updated: May 12, 2020 05:10AM UTC

Hey Liam,
Ok, here we go - I've done the update, and also run a Embedded Browser Health Check - these are the details:
Burp Version 2020.4
Burp Browser Version 81.0.4044.122
Burp Browser binaries /usr/local/BurpSuiteCommunity/burpbrowser/81.0.4044.122
Code source /usr/local/BurpSuiteCommunity/burpsuite_community.jar
Debug ID 6dbzio7uq9xkdnsremma:lt76
JAR type Installer
Embedded Browser Health Check
Checks completed with warnings.
Unable to created headless browser with sandbox.
Pls note - when going to the Dashboard as mentioned above, my "New scan" option is greyed out (not clickable) - is this perhaps due to the fact that Im not running the professional version yet?
If so, when trying to load a temp license key for the pro version, the instructions provided from PortSwigger direct me to go to Help, License, Update License Key - I don't have a License option in my Menu.
Ok Mate - looks like we're getting somewhere - hoping we can nail it soon though.
All the best,
Ian.

ian |
Last updated: May 12, 2020 05:19AM UTC

Just picked up some more info Im hoping might assist you with your troubleshooting - pls see below (taken from teh command line):
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
net.portswigger.devtools.client.ak: Unable to start browser:
[0512/004758.027547:FATAL:zygote_host_impl_linux.cc(116)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux/suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
[0512/004759.075602:FATAL:zygote_host_impl_linux.cc(116)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux/suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
[0512/004801.115244:FATAL:zygote_host_impl_linux.cc(116)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux/suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
at net.portswigger.devtools.client.a6.a(Unknown Source)
at net.portswigger.devtools.client.a6.a(Unknown Source)
at burp.ph.a(Unknown Source)
at burp.ph.a(Unknown Source)
at burp.cgm.a(Unknown Source)
at burp.bky.a(Unknown Source)
at burp.bky.run(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: java.io.IOException: Failed to read devtools port from browser output (TEST-USER-AGENT)
at net.portswigger.devtools.client.t.<init>(Unknown Source)
at net.portswigger.devtools.client.g.a(Unknown Source)
... 12 more
Deleting temporary files - please wait ... done.
Thanks again Mate.

ian |
Last updated: May 12, 2020 05:19AM UTC

Just picked up some more info Im hoping might assist you with your troubleshooting - pls see below (taken from teh command line):
Picked up _JAVA_OPTIONS: -Dawt.useSystemAAFontSettings=on -Dswing.aatext=true
net.portswigger.devtools.client.ak: Unable to start browser:
[0512/004758.027547:FATAL:zygote_host_impl_linux.cc(116)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux/suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
[0512/004759.075602:FATAL:zygote_host_impl_linux.cc(116)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux/suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
[0512/004801.115244:FATAL:zygote_host_impl_linux.cc(116)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux/suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
at net.portswigger.devtools.client.a6.a(Unknown Source)
at net.portswigger.devtools.client.a6.a(Unknown Source)
at burp.ph.a(Unknown Source)
at burp.ph.a(Unknown Source)
at burp.cgm.a(Unknown Source)
at burp.bky.a(Unknown Source)
at burp.bky.run(Unknown Source)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:830)
Caused by: java.io.IOException: Failed to read devtools port from browser output (TEST-USER-AGENT)
at net.portswigger.devtools.client.t.<init>(Unknown Source)
at net.portswigger.devtools.client.g.a(Unknown Source)
... 12 more
Deleting temporary files - please wait ... done.
Thanks again Mate.

Hey Liam - thanks for the quick response mate.
Remember, from one of my previous posts: I havent been able to find the "Audit config" nor the "Crawl Configuration" tabs - I've check under all the main tabs in Burp - pls provide me with exact path (do you perhaps need me to do this in my browser {and not in Burp})?

ian |
Last updated: May 13, 2020 12:10AM UTC

Hey Liam - just reading through your notes above (and as I've already mentioned), Pls note - when going to the Dashboard, my "New scan" option is greyed out (not clickable) - is this perhaps due to the fact that Im not running the professional version yet?

ian |
Last updated: May 13, 2020 12:46AM UTC

Hey again Liam,
A few more "weird" things to perhaps mention....
When trying to disable the embedded browser sandbox when running as a non-root user (User options > Display > HTML Rendering > Enable embedded browser sandbox).....
Under the HTML Rendering heading, the Check-Box options that I now have (after upgrading to 2020.4) are:
"Allow renderer to make HTTP requests (for images, etc.)" - This checkbox is checked
"Allow renderer to run without browser sandbox" - This checkbox is unchecked
I no longer have an option to disable the embedded browser sandbox via this path (User options > Display > HTML Rendering > Enable embedded browser sandbox)
Thanks again,
Ian.

Michelle, PortSwigger Agent |
Last updated: May 13, 2020 02:10PM UTC

Hi Ian
I'm just going through your questions if I've missed anything let me know!
You're right, the New Scan option is greyed out because you're using Community rather than Pro. The Audit and Crawl configuration tabs are also options in Pro.
Sorry for the mix-up on the options under HTML Rendering, that wording has only just changed in version 2020.4, so you'd need to check the box 'Allow renderer to run without browser sandbox' to get the same effect.
Whilst you're testing those options, I'll take a closer look at what could be causing the issues with the sandbox.

ian |
Last updated: May 13, 2020 11:26PM UTC

Hey Michelle - thanks for taking this one over (hope this ticket has'nt "done Liam's head in").
Ok cool, I've checked the 'Allow renderer to run without browser sandbox', and then restarted Burp - I can now click the "Upgrade to Burp Professional" and "Support center" links, and get access to your site - great!
So now, the next (and hopefully final) step, is to be able to load the Temp Professional key I was issues last week (ish) - unfortunately, I've still got the same issues as I had when originally trying to load the key (when trying to load a temp license key for the pro version, the instructions provided from PortSwigger direct me to go to Help, License, Update License Key - I don't have a License option in my Menu).
Ok Michelle - again, really appreciate you stepping in here.
Looking forward to getting this one wrapped up!
Ian.

ian |
Last updated: May 13, 2020 11:26PM UTC

Hey Michelle - thanks for taking this one over (hope this ticket has'nt "done Liam's head in").
Ok cool, I've checked the 'Allow renderer to run without browser sandbox', and then restarted Burp - I can now click the "Upgrade to Burp Professional" and "Support center" links, and get access to your site - great!
So now, the next (and hopefully final) step, is to be able to load the Temp Professional key I was issues last week (ish) - unfortunately, I've still got the same issues as I had when originally trying to load the key (when trying to load a temp license key for the pro version, the instructions provided from PortSwigger direct me to go to Help, License, Update License Key - I don't have a License option in my Menu).
Ok Michelle - again, really appreciate you stepping in here.
Looking forward to getting this one wrapped up!
Ian.

Michelle, PortSwigger Agent |
Last updated: May 14, 2020 12:15PM UTC

Hi Ian
Thanks for the update :-)
I'm glad that got things a bit further, I will still see what else we can find on the browser sandbox issues so you have the option of re-enabling it though.
For the next step (applying the license for Professional), you'll need to log into your account on the PortSwigger website and download the installer for Burp Suite Professional. The first time you launch it you'll be prompted for your license.
You can have Community and Professional both installed on your machine at the same time.
Let me know how you get on!

Michelle, PortSwigger Agent |
Last updated: May 14, 2020 01:24PM UTC

Hi Ian
I've just been going through some of your other posts, you sent us some messages you saw on the CLI
[0512/004758.027547:FATAL:zygote_host_impl_linux.cc(116)] No usable sandbox! Update your kernel or see https://chromium.googlesource.com/chromium/src/+/master/docs/linux/suid_sandbox_development.md for more information on developing with the SUID sandbox. If you want to live dangerously and need an immediate workaround, you can try using --no-sandbox.
You usually see this if you're running as root.
Let us know how you get on with the install of Professional

ian |
Last updated: May 18, 2020 04:46AM UTC

Hi Michelle - thanks for the above replies.
Ok, so on to the next issue.....
To download my trial license for pro, the instructions provided to me by your support team direct me to log into my account, where I am supposed to find my license key - however, when going to my account, its shows as "You do not have any licenses".
Under the "I would like to" menu, i have the option of downloading burp suite (again) - I dont think these are the correct links for my demo license though.
Not sure where to find the link to my demo license.
Pls let me know what you think.
Thanks,
Ian.

Michelle, PortSwigger Agent |
Last updated: May 18, 2020 08:11AM UTC

Hi Ian
Thanks for the update.
Trial licenses are offered to businesses and will be linked to the business email used when filling out the request form (https://portswigger.net/requestfreetrial/pro). If you want to email me the details you used to request the trial to support@portwigger.net, I can have a look into it for you.

ian |
Last updated: May 19, 2020 03:20AM UTC

Hey Michelle - thanks for the speedy reply.
As mentioned, I've already been allocated my trail Pro license key, with instruction on how to retrieve it - however, when trying to load a temp license key for the pro version, the instructions provided from PortSwigger direct me to go to----> the Help Menu, License, Update License Key...... - I don't have a License option in my Help Menu.
These are the instruction provided to me:
**********************************************************************************
Your Burp Suite Professional free trial is now available
Dear Burp User
Thank you for requesting a free trial of Burp Suite Professional. Your 30 day trial license starts immediately.
To download your software and license key, please visit your account.
Here are your login details:
Email address:
ian.ward@gasystems.com.au
Password:
Please click here to retrieve
The link to retrieve your password is only valid for 7 days.
You should keep a secure record of your password and not disclose it to any unauthorized party.
We hope your trial gives you the chance to see how Burp Suite Professional can help you to meet your web security needs.
Getting started
To download the software, log in to your account and download the latest Professional build and license key. For further help click here.
Help on starting to use Burp Suite Professional can be found here.
********************************************************************************************

Michelle, PortSwigger Agent |
Last updated: May 19, 2020 09:17AM UTC

Hi Ian
Were you able to download the Professional version of the software (it's a different installer to the one used for Community) and go through the installation steps without any issues? If Profesional hasn't been installed on your machine before then you should be prompted to enter the license as part of the installation.
If you can send me a screenshot of what you're seeing to support@portswigger.net that should help me figure out what's going on.

ian |
Last updated: May 20, 2020 12:25AM UTC

Hey Michelle,
Nope, haven been able to download the professional version (not sure Im downloading from the right place though) - you reckon you could provide me with a link to the exact location for download.
This is the path im using (after logging into my account): https://portswigger.net/burp/releases
Im trying to download Professional/ Community 2020.4 (is this what I should be trying to download)?
When trying to download from here, I get the following message "No valid license for download - get one now" - when I click on the "get one now" link, I go to the following page: https://portswigger.net/burp.
Im out of ideas....
Hoping you can assist.
Thanks again,
Ian.

Michelle, PortSwigger Agent |
Last updated: May 20, 2020 08:27AM UTC

Hi Ian
That sounds like the trial license you requested isn't linked to the account you're using to logging in. When you first log in do you see the trial license listed under the 'Your Licenses and Products' section?
If you don't, can you email me with the details you used to request the trial please and I'll see what I can find out?

ian |
Last updated: May 21, 2020 03:16AM UTC

Hey Michelle,
Nope - dont see my temp license when I log in. The message I get is "You do not have any licenses".
When I log into the portal, Im using my personal email address: ian.ward38@gmail.com, however, the license was generated under ian.ward@gasystems.com.au - (mandatory requirement) - (I havent got an account associated with this particular address).
Thanks again for all your assistance,
Ian.

IAN |
Last updated: May 21, 2020 03:20AM UTC

Hey Michelle,
Just managed to log in with these details: ian.ward@gasystems.com.au....
Now have access to license.
Whew, been a looooooong process to get to this point - happy we're finally here.
Will try and download the license, and let you know how I go.
If all goes well - we can close this ticket - finally.

Michelle, PortSwigger Agent |
Last updated: May 21, 2020 07:50AM UTC

Hi Ian
I'm glad you've found the license and I hope you enjoy using Professional! Let us know if you have any questions.

ian |
Last updated: May 25, 2020 04:52AM UTC

Thanks Michelle,
Really appreciate all the assistance!
If you like, you guys can close this ticket now.
Until next time I guess..... ;)
Take care,
Ian.